Details of VAR-202510-4196

ID

VAR-202510-4196

CVE

CVE-2025-20351

DESCRIPTION

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI. This vulnerability exists because the web UI of an affected device does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default.

Trust: 1.0

sources: NVD: CVE-2025-20351

AFFECTED PRODUCTS

vendor:	cisco	model:	ip phone 8845	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8832	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8821	scope:	eq	version:	11.0\(5\)	Trust: 1.0
vendor:	cisco	model:	video phone 8875	scope:	gte	version:	3.0\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7821	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7811	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8861	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8821	scope:	lt	version:	11.0\(1\)	Trust: 1.0
vendor:	cisco	model:	video phone 8875	scope:	lt	version:	2.3\(1\)	Trust: 1.0
vendor:	cisco	model:	desk phone 9861	scope:	gte	version:	3.0\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7841	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8841	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	desk phone 9871	scope:	gte	version:	3.0\(1\)	Trust: 1.0
vendor:	cisco	model:	desk phone 9851	scope:	lte	version:	3.2\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8811	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7861	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	desk phone 9841	scope:	gte	version:	3.0\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8845	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8865	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7811	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8821	scope:	eq	version:	11.0\(6\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8851	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8821	scope:	eq	version:	11.0\(2\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8821	scope:	eq	version:	11.0\(3\)	Trust: 1.0
vendor:	cisco	model:	video phone 8875	scope:	lte	version:	3.2\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7841	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	desk phone 9851	scope:	gte	version:	3.0\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8821	scope:	eq	version:	11.0\(4\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8832	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7821	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	video phone 8875	scope:	eq	version:	2.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8861	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	desk phone 9861	scope:	lte	version:	3.2\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8865	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8821	scope:	eq	version:	11.0\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8851	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8841	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	desk phone 9871	scope:	lte	version:	3.2\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8821	scope:	eq	version:	11.0\(0.7\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7861	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	desk phone 9841	scope:	lte	version:	3.2\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8811	scope:	eq	version:	14.3\(1\)	Trust: 1.0

sources: NVD: CVE-2025-20351

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com:	CVE-2025-20351
value:	MEDIUM
Trust: 1.0

psirt@cisco.com:	CVE-2025-20351
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0

sources: NVD: CVE-2025-20351

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.0

sources: NVD: CVE-2025-20351

EXTERNAL IDS

db:

NVD

id:

CVE-2025-20351

Trust: 1.0

sources: NVD: CVE-2025-20351

REFERENCES

url:

https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-phone-dos-fpyjlv7a

Trust: 1.0

sources: NVD: CVE-2025-20351

SOURCES

db:

NVD

id:

CVE-2025-20351

LAST UPDATE DATE

2025-12-18T00:33:53.873000+00:00

SOURCES UPDATE DATE

db:

NVD

id:

CVE-2025-20351

date:

2025-12-04T21:26:51.467

SOURCES RELEASE DATE

db:

NVD

id:

CVE-2025-20351

date:

2025-10-15T17:15:49.060